Attacking Multicore CPUs

Ant writes "The Register reports that the world of current multi-core central processing units (CPUs) just entered is facing a serious threat. A security researcher at Cambridge disclosed a new class of vulnerabilities that takes advantage of concurrency to bypass security protections such as anti-virus software The attack is based on the assumption that the software that interacts with the kernel can be used without interference. The researcher, Robert Watson, showed that a carefully written exploit can attack in the window when this happens, and literally change the "words" that they are exchanging. Even if some of these dark aspects of concurrency were already known, Watson proved that real attacks can be developed, and showed that developers have to fix their code. Fast..."

Re:Fast?

[JordanL]

The creation of plural forms by tongue-in-cheek stretching of English plural 'rules' is popular among hackers, sometimes as a way of marking a term as community jargon. See boxen and mouses for the most visible examples. Other examples, whether widely used or not, are easily recognized and deciphered, and it is well understood that these irregular (or hyper-regular) plurals are not errors but examples of geek humor.

http://www.reference.com/browse/wiki/Plural_of_virus

Re:Neither submitter nor editor RTFA...?

[keithius]

Yeah, I was just thinking - in order to execute this attack, you would already have to have the necessary privileges to do just about anything to a system - so what's the point?

To put it more plainly, why worry about attacks that require you to be at Admin/root level - if you've somehow gotten to Admin/root level, you've already won!

So, yeah, I think this is a bit of hype - a bit more than is usual around here, anyway. (No, wait...)

Re:Fast?

[Yaotzin]

I like to eat PIE.